Bancos.FC is a Trojan that goes memory resident and waits until an Internet connection is established using the Dial-up and Network Access. Then, if the user types an URL that contains any of certain text strings belonging to banking entities, Bancos.FC logs the URL accessed and the data entered, such as account number, password, PIN, etc. Then, the log information is collected and sent to a server in Internet, including a unique identifier, which Bancos.FC generates using the volume number of the C: drive in order to control the number of affected computers and which information has been obtained from each of them. Bear in mind that this Trojan only affects users that connect to the Internet using the Dial-up and Network Access. If Bancos.FC is running but the user is not connected to the Internet, or the connection is made via a Local Area Network (LAN) or ADSL line, some anomalies will be observed while using Internet Explorer. Bancos.FC does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc. |